Lofgren calls for meaningful cybersecurity reform, says CISPA falls short

January 9, 2015
Press Release
WASHINGTON, DC - U.S. Rep. Zoe Lofgren (D-Calif.) issued the following statement today calling for meaningful cybersecurity reforms following the re-introduction of the Cyber Intelligence Sharing and Protection Act (CISPA):

"I'm glad the House is demonstrating an interest in exploring ways in which the nation can better protect against cyber-attacks. This is, no doubt, a very important issue – and our nation faces a security threat that has been made even more apparent in light of highly publicized cyber-attacks in recent months.

"However, I fear we may have taken the wrong lesson from these recent high-profile attacks. These attacks were not the result of a missed opportunity to share information, but rather caused by substantial and obvious security failures and a culture of treating cybersecurity as an after-thought. CISPA would do little good in light of these much larger failings—in fact, CISPA's astonishingly broad and overly vague information sharing regime does more harm than good when it comes to Americans' privacy.

"Rather than introducing a bill which would allow private entities to share personal information, including the content of emails, for vaguely defined ‘cybersecurity purposes,' we should be looking to promote proper cybersecurity practices as a foundational pillar of modern businesses.

"If we truly wish to protect the nation against cyber-attacks through information sharing, we should encourage the government to disclose the previously unknown hardware, software and network vulnerabilities it discovers that leave our private companies vulnerable to bad actors.

"We should also look to legislation like the Secure Data Act, introduced last Congress, which closes government mandated backdoors that intentionally undermine and undercut the development and deployment of strong data security technologies, leaving them insecure and ripe for abuse. Doing so would bolster national security, economic security, personal privacy, and rebuild public trust."

###